Technology News

Multicore microcontroller supports ASIL D safety requirements

May 14, 2012 | Christoph Hammerschmidt | 222902233

In the automotive industry, the aspect of functional safety increasingly gains importance in the design of new functions - in the first place for applications involved in braking and steering the car. But powertrain-related applications are also subject to functional safety considerations - for instance in automatic transmissions where today a microcomputer shifts gears. For this reasons, microprocessors and software alike become subject to the application of ISO 26262 which regulates the processes and requirements for embedded safety-related functions in cars.

Page 1 of 3

A new microprocessor family, the Aurix 32-bit microcontroller from Infineon, is designed to facilitate the development of safety functions such as the control of combustion engines, electrical and hybrid vehicles, transmission control units, chassis domains, braking systems, electrical power steering systems, airbags and advanced driver assistance systems. For the same reasons, the device also is a good platform to run safety-relevant applications.

From available standard microcontrollers the Aurix distinguishes itself in that already during its development the principles described in ISO26262 have been applied, explained Ulrich Heinzenberg, Product Marketing Manager for the Aurix family. "A major aspect in this context is traceability. The design team always must be able to substantiate every single measure it took during the design process." While in currently available products the functional safety principles are applied only to the lockstep CPUs, in the Aurix family the entire circuitry has been submitted to this process, Heinzenberg said.

As a consequence, the Aurix architecture allows a significant reduction in workload to develop safety systems compliant with today's highest Automotive Safety Integrity Level, the ASIL D standard. Compared to a classical Lockstep architecture safety development efforts may be reduced by 30 percent improving the time-to-market. "For instance, safety-relevant functions can be 'incapuslated'", said Heinzenberg.

These encapsulation techniques allow integration of software with mixed-criticality levels (up to ASIL D) from different sources, enabling multiple applications and operating systems to be seamlessly hosted on a unified Aurix platform.

Besides the safety aspect, the Aurix family also offers up to 100 percent performance surplus over the TC1798 manufactured in 90nm technology, which is currently the highest performing automotive microcontroller in the market, enabling designers to implement more functionality and offering a resource buffer for future requirements. Additionally, to serve upcoming security requirements for better protection of automotive applications from theft, fraud and tampering, members of the Aurix family feature a built-in Hardware Security Module (HSM).

In the automotive industry, the aspect of functional safety increasingly gains importance in the design of new functions - in the first place for applications involved in braking and steering the car. But powertrain-related applications are also subject to functional safety considerations - for instance in automatic transmissions where today a microcomputer shifts gears. For this reasons, microprocessors and software alike become subject to the application of ISO 26262 which regulates the processes and requirements for embedded safety-related functions in cars.

A new microprocessor family, the Aurix 32-bit microcontroller from Infineon, is designed to facilitate the development of safety functions such as the control of combustion engines, electrical and hybrid vehicles, transmission control units, chassis domains, braking systems, electrical power steering systems, airbags and advanced driver assistance systems. For the same reasons, the device also is a good platform to run safety-relevant applications.

From available standard microcontrollers the Aurix distinguishes itself in that already during its development the principles described in ISO26262 have been applied, explained Ulrich Heinzenberg, Product Marketing Manager for the Aurix family. "A major aspect in this context is traceability. The design team always must be able to substantiate every single measure it took during the design process." While in currently available products the functional safety principles are applied only to the lockstep CPUs, in the Aurix family the entire circuitry has been submitted to this process, Heinzenberg said.

As a consequence, the Aurix architecture allows a significant reduction in workload to develop safety systems compliant with today's highest Automotive Safety Integrity Level, the ASIL D standard. Compared to a classical Lockstep architecture safety development efforts may be reduced by 30 percent improving the time-to-market. "For instance, safety-relevant functions can be 'incapuslated'", said Heinzenberg.

These encapsulation techniques allow integration of software with mixed-criticality levels (up to ASIL D) from different sources, enabling multiple applications and operating systems to be seamlessly hosted on a unified Aurix platform.

Besides the safety aspect, the Aurix family also offers up to 100 percent performance surplus over the TC1798 manufactured in 90nm technology, which is currently the highest performing automotive microcontroller in the market, enabling designers to implement more functionality and offering a resource buffer for future requirements. Additionally, to serve upcoming security requirements for better protection of automotive applications from theft, fraud and tampering, members of the Aurix family feature a built-in Hardware Security Module (HSM).

The Aurix microcontrollers contain three parallel TriCore CPUs running at up to 300MHz. This improved performance is achieved with power consumption equivalent to Infineon's current Audo Max microcontroller family.

Anticipating upcoming security and protection requirements, Infineon has integrated a programmable hardware security module (HSM) into the Aurix family. When designing the HSM module, the company benefitted from its expertise in hardware-based encryption technologies - Infineon also develops and sells a broad spectrum of highly secure chips for payment and identification applications. The HSM as “embedded chip card” enhances protection against attacks of IP infringement, fraud and software hijacking.

All Aurix family members are manufactured in a 65nm embedded Flash technology designed for high reliability in the harsh automotive environment. To ensure supply, Infineon has set-up a dual frontend supply concept with two locally separated production sites using identical certified processes and tooling.

Tool partners offer a range of tools adapted to Aurix to assure optimal design flow and to control the effort and cost of multicore software development. The tool chain includes optimizing C/C++ cross compilers and debuggers. In addition, dedicated measurement, calibration and diagnostics tools provide the functionality needed for the development of powertrain ECUs.

A free-of-charge TriCore Entry Tool Chain comprising a fully functional GNU C Compiler including Debugger and an Eclipse based development environment can be downloaded from the Infineon TriCore product web site at www.infineon.com/freetools

Infineon provides MC-ISAR low-level drivers based on the AUTOSARv4 MCAL and support for the upcoming v3.2. This allows designs to take full advantage of an AUTOSAR-based development process at the control unit level. The AUTOSAR drivers are based on a technology developed by Infineon since 2005. Infineon's in-house software development is certified according the CMM level 3 standard to ensure optimized and qualified software releases. Currently the implementation of an ASPICE certification is ongoing.

Early engineering samples of the 200MHz triple core lead device with 4MB eFlash of the Aurix family in a LQFP-176 package (TC275T) and in a BGA-292 package (TC277T) have already been released to key customers. General sampling is scheduled to start in the first half of 2013. Qualification of the first product is planned in the second half of 2013.